Articles

By: (GCIH, GPEN, GWAPT)

Publication: Nebraska Banker, March/April 2017

Intrusion Detection Systems (IDS) have been around for over thirty years, dating back to the Intrusion Detection Expert System (IDES) in the mid-1980s. Intrusion detection technology continued to evolve with the introduction of host-based, network-based, and network behavior analysis systems. Additionally, systems capable of blocking malicious traffic, Intrusion Prevention Systems (IPS), originated from IDS.

Intrusion Detection and Prevention Systems (IDPS) traditionally have been hosted on systems dedicated to the task of detecting and responding to malicious network traffic. Over the last several years, security appliances that fill multiple roles such as firewall, VPN, Internet filtering, antivirus, and IDPS have been placed on the market by multiple vendors. These devices, also known by the name Unified Threat Management (UTM), may not always provide true IDPS services since the device may not have adequate system resources or may require additional licenses or hardware modules. This can leave a device owner believing they are protected by an IDPS, when in fact they are not.

Read Full Article

 

By: (Network+, CISA)

Publication: The Community Banker, Spring 2017

In 1982, a Coke machine at Carnegie Mellon University was modified to connect to the Internet and report inventory and temperature status. In 1985, the first alleged use of the term “Internet of Things” was by Peter T. Lewis before a technical panel organized by the FCC and U.S. Department of Commerce Minority Enterprise Telecommunications Seminars. It is only in recent years, however, that the Internet of Things, or IoT for short, has really taken off and influenced our daily lives.

Read Full Article

 

By: (Security+)

Publication: The Kansas Banker, March 2017

Assessing risk is all about extrapolating meaning from potential. In other words, look at what could happen and consider how those things would affect you. The process can be as complicated or as simple as you choose to make it. At the end of the day, risk assessments are a way to become aware of potential issues and of controls to alleviate those dangers. You do not have to think of every potential scenario. In fact, considering what is common covers the majority of threats.

Read Full Article

 

By: (ISACA Cybersecurity Fundamentals, CompTIA A+, Security+)

Publication: Colorado Banker, March/April 2017

Floods. Hurricanes. Tornadoes. Fire. Power outages. The zombie apocalypse (well, maybe not that one). You don’t have to be in banking to know these threats exist in our world. Although they may not have an exhaustive, board-approved Business Continuity Plan ready to go in an emergency, the average person has some awareness that disasters occur and an instinct on what to do:

“The hurricane is projected to make landfall – shutter the windows and head to Aunt Martha’s.”

“There’s been a fire – call 911, get out of the building, stop, drop, and roll.”

Elementary, right? What about this one:

Read Full Article

 

By: (CISA, CISSP, CRISC)

Publication: Nebraska Banker, January/February 2017

There has been a lot of attention on website ADA compliance over the past few months. Several community banks have received demanding letters from law firms alleging the bank is violating the Americans with Disabilities Act (ADA). Purportedly these letters claim that unless the bank modifies its website to meet the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG), the bank will continue to violate ADA. So, what does this mean? Let’s take a look at some common questions banks are asking about ADA compliance.

What is ADA compliance?

Read Full Article

 

By:

The Kansas Banker Jan 2017

ADA website accessibility is a trending topic in the community banking industry. Why? Recently several financial institutions have received letters threatening lawsuits because banking websites are not “accessible.” The Americans with Disabilities Act (ADA), enacted in 1990, is a civil rights law created to prohibit discrimination against individuals with disabilities. In 2010, the Department of Justice (DOJ) initiated the rulemaking process concerning website accessibility. This process consists of calls for public comments on proposed rules, impact and cost analysis, and finally acceptance into the federal register. Since 2010, the process has been continually delayed. As of right now, finalized rules are expected to be released sometime in 2018, leaving no clear guidelines to follow at the moment. Without these guidelines in place, how can your bank protect itself from opportunistic legal battles while committing to provide an accessible site to your customers? Accessibility policies and vendor management are the answer.

Read Full Article

 

By: (Security+)

Publication: The Colorado Banker, January/February 2017

If you spend much time with teenagers, you know they use a special version of the English language. A few months ago, I was introduced to the term “on fleek.” Personally, I never liked it, but by the time I worked up enough courage to use the term in a conversation, I was informed, “Alyssa, ‘on fleek’ is so last year. Now, we say ‘lit’.” (Rolling my eyes here.) While both terms can be used to describe something “awesome,” I tell you this to emphasize how difficult it can be to understand another language.

Read Full Article

 

By: (Network+, CISA)

Publication: The Kansas Banker, December 2016

Raise your hand if you are tired of constantly changing your password and sticking to whatever arbitrary rules seem to be in place at the time. Okay, now put your hand down because you are most likely drawing unnecessary attention to yourself, especially if you are in a coffee shop or on your couch at home surrounded by family. Everyone seems to grumble about password length and expirations, but the truth is: strong passwords are a necessary complication and their use isn’t going away anytime soon. If anything, password complexity guidelines are shifting to be even more stringent, although there may be some light at the end of the extremely long tunnel.

Read Full Article

 

By: (CISSP, CISA, Security+) and

Publication: Nebraska Banker, November/December 2016

One of the difficult tasks banks continue to face is how do you educate your customers on the importance of cybersecurity? You send inserts with your statements and provide pamphlets in your brick-and-mortar branch, but what is being absorbed?

On the other hand, when you are marketing, you target your audience through TV ads, flyers, magazines, tradeshows, signage, etc. – a variety of channels to reach a wide audience base. Try to think of educating your customers in the same way you would market to them. After all, one of the roles of marketing is to educate. As with marketing, you can’t expect to educate your target audience about cybersecurity through just one channel. So here are some ideas and channels to consider for providing cybersecurity education:

Read Full Article

 

By: (Security+)

Publication: The Community Banker, Winter 2016

“DDoS attack that disrupted internet was largest of its kind in history, experts say,” was the headline from The Guardian on October 26th 2016. What followed explained how this attack brought down some servers that provided online gaming and streaming video services. As a banker who may have read a similar article, you may have thought to yourself, “So some kid couldn’t play his video game, so what?” It is hard to envision how something like a DDoS (Distributed Denial of Service) attack can affect the banking industry, but it can. First, it is important to understand what a DDoS attack is and then how it relates to information security in the financial industry.

Read Full Article